From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Date: Tue, 17 May 2016 01:42:54 +0000 (-0400)
Subject: Fix: illegal memory access in consumer_set_subdir
X-Git-Tag: v2.6.3~44
X-Git-Url: https://git.liburcu.org/?p=lttng-tools.git;a=commitdiff_plain;h=6f6a85590e2bd7b3d46af38a4fd7a439d3e1fbc0

Fix: illegal memory access in consumer_set_subdir

Found by Coverity:
CID 1243015 (#1 of 1): Buffer not null terminated
(BUFFER_SIZE_WARNING)8. buffer_size_warning: Calling strncpy with a
maximum size argument of 4096 bytes on destination array
consumer->subdir of size 4096 bytes might leave the destination string
unterminated.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
---

diff --git a/src/bin/lttng-sessiond/consumer.c b/src/bin/lttng-sessiond/consumer.c
index 5b1f789d8..f6f321bf9 100644
--- a/src/bin/lttng-sessiond/consumer.c
+++ b/src/bin/lttng-sessiond/consumer.c
@@ -1074,7 +1074,11 @@ int consumer_set_subdir(struct consumer_output *consumer,
 		goto error;
 	}
 
-	strncpy(consumer->subdir, tmp_path, sizeof(consumer->subdir));
+	if (lttng_strncpy(consumer->subdir, tmp_path,
+			sizeof(consumer->subdir))) {
+		ret = -EINVAL;
+		goto error;
+	}
 	DBG2("Consumer subdir set to %s", consumer->subdir);
 
 error: